CVE-2022-38970 — MEDIUM (6.5)

Vulnerability Description

ieGeek IG20 hipcam RealServer V1.0 is vulnerable to Incorrect Access Control. The algorithm used to generate device IDs (UIDs) for devices that utilize Shenzhen Yunni Technology iLnkP2P suffers from a predictability flaw that allows remote attackers to establish direct connections to arbitrary devices.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Iegeek	Ig20 Firmware	-
Iegeek	Ig20	-
Hipcam	Realserver	1.0

Related Weaknesses (CWE)

CWE-330

References

https://www.realinfosec.net/cybersecurity-news/iegeek-vulnerabilities-still-prevExploitTechnical DescriptionThird Party Advisory
https://www.realinfosec.net/cybersecurity-news/iegeek-vulnerabilities-still-prevExploitTechnical DescriptionThird Party Advisory

FAQ

What is CVE-2022-38970?

CVE-2022-38970 is a vulnerability with a CVSS score of 6.5 (MEDIUM). ieGeek IG20 hipcam RealServer V1.0 is vulnerable to Incorrect Access Control. The algorithm used to generate device IDs (UIDs) for devices that utilize Shenzhen Yunni Technology iLnkP2P suffers from a...

How severe is CVE-2022-38970?

CVE-2022-38970 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-38970?

Check the references section above for vendor advisories and patch information. Affected products include: Iegeek Ig20 Firmware, Iegeek Ig20, Hipcam Realserver.